Certicom KeyInject enables device producers to monitor and control unique keying material for devices

MISSISSAUGA, Ontario – (September 12, 2005)– A new product from Certicom Corp. (TSX: CIC) will give producers of devices, such as set-top boxes, mobile handsets and printers, more control over their outsourced manufacturing process and help to prevent the cloning of devices and replacement parts. Certicom KeyInject is a trusted key injection platform for anti-cloning. It enables device producers to track production by contract manufacturers by controlling access to keying information, metering the use of this information and generating reports on key usage.

In the manufacturing process, producers should use public-key cryptography to embed a private key that uniquely identifies a device, giving it future access to services, linking it to a billing system or providing integration of replacement parts. When producers use third-party manufacturers there could be a threat of key leakage, where not all of the keying material is used to manufacture legitimate devices. KeyInject eliminates this risk by sending encrypted keying material to manufacturers and releasing it only when the manufacturer provides usage reports or previously accessed keys.

Certicom KeyInject can also be used to transport and inject keys and certificates in conditional access and digital rights management (DRM) schemes such as HDCP (High-bandwidth Digital Content Protection), CPRM (Content Protection for Recordable Media), and other emerging consumer electronic standards. In these situations, unique keying material is embedded in a device to control access to streaming media and the usage of downloaded electronic files.

"In today's environment, keying material must be handled in a secure and robust fashion," said Paul Lypaczewski, vice president and general manager, Multimedia Business Unit, ATI Technologies Inc., developer of graphics and digital media silicon solutions. "Certicom is a proven authority for software cryptography. ATI chose Certicom KeyInject to securely transport and inject keys for use with our graphics and digital media silicon solutions."

Certicom KeyInject uses industry standard protocols and techniques based on elliptic curve cryptography (ECC) and advanced encryption standard (AES) for the strongest, most-efficient security. Other features include:

  • Proven, strong anti-cloning: meets stringent requirements to inject keying data during vulnerable manufacturing process, hardware-based protection of internal or third-party keys, controls and reports volume of keyed devices
  • Cost-effective factory provisioning: automates process to key a device before it gets to the user, flexible remote administration capabilities; complements conditional access systems
  • Highly configurable: addresses multiple deployment options, customize interface with manufacturing line system, enables enhanced capabilities.

"With increased focus on security in both industry and government, cryptography-in particular public-key-is taking centre stage. As a long-established player in this field, Certicom helps organizations protect their assets by developing new solutions that solve today's and tomorrow's security issues," said Jim Alfred, director of product management at Certicom.

Certicom KeyInject is part of the Certicom Trust Infrastructure that allows smart device vendors to securely manufacture and upgrade their devices with a cost-effective, off-the-shelf platform that offers flexibility, reliability and strong security.

Pricing and Availability
Certicom KeyInject is available this quarter and is priced depending on the number of sites. For more information, visit www.certicom.com/keyinject.

About Certicom
Certicom protects the value of your content, software and devices with government-approved security. Adopted by the National Security Agency (NSA) for classified and sensitive but unclassified government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the undisputed leader in ECC, Certicom security offerings are currently licensed to more than 300 customers including General Dynamics, Motorola, Oracle, Research In Motion and Unisys. Founded in 1985, Certicom's corporate offices are in Mississauga, ON, Canada with worldwide sales headquarters in Reston, VA and offices in the US, Canada and Europe. Visit www.certicom.com

For further information, please contact:

For Certicom    
Tim Cox Brendan Ziolo  
ZingPR Certicom Corp.  
(650) 369-7784 (613) 254-9267  
tim@zingpr.com bziolo@certicom.com
Certicom, Security Builder, Security Builder Crypto, Security Builder GSE, Security Builder IPSec, Security Builder Middleware,Security Builder PKI, Security Builder SSL, movianVPN, movianCrypt and movianMail are trademarks or registered trademarks of Certicom Corp. All other companies and products listed herein are trademarks or registered trademarks of their respective holders.
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Actual results may differ materially. Factors that might cause a difference include, but are not limited to, those relating to the acceptance of mobile and wireless devices and the continued growth of e-commerce and m-commerce, the increase of the demand for mutual authentication in m-commerce transactions, the acceptance of Elliptic Curve Cryptography (ECC) technology as an industry standard, the market acceptance of our principal products and sales of our customer's products, the impact of competitive products and technologies, the possibility of our products infringing patents and other intellectual property of fourth parties, and costs of product development. Certicom will not update these forward-looking statements to reflect events or circumstances after the date hereof. More detailed information about potential factors that could affect Certicom's financial results is included in the documents Certicom files from time to time with the Canadian securities regulatory authorities.
The shares of the company described above have been offered only to qualified institutional buyers in reliance on Rule 144A under the Securities Act of 1933, as amended (the "Securities Act"), and outside the United States pursuant to Regulation S of the Securities Act. The shares have not been registered under the Securities Act and may not be offered or sold in the United States or to a U.S. Person absent registration or an applicable exemption from registration requirements.
This press release does not constitute an offer to sell or the solicitation of an offer to buy any security and shall not constitute an offer, solicitation or sale in any jurisdiction in which such offering would be unlawful.